Re: scripting creating a cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Very nice.  But this looks like it as part of the whole easyRSA effort, not something I can easily feed into the openssl command to create the cert.  It would take a fair bit of digging to dig out what I need for now.

Definitely something I will look into soon, as providing a simple PKI for a small installation has long been on my list.  But the effort name is limiting.  What about ECDSA and EDDSA certs?  :)

On 03/10/2017 06:58 AM, Jochen Bern wrote:
On 03/10/2017 01:10 AM, openssl-users-request@xxxxxxxxxxx digested:
Thing is that this then prompts for a number of fields:
[...]
Is there some 'simple' way to provide these answers?  Like with env 
variables?
Yes, and as others have already pointed out, there's also the
possibility of command line parameters given to OpenSSL.

A publicly available set of scripts that makes heavy use of the env var
method and might serve as an example would be easyRSA (here, version 3):

# grep EASYRSA_REQ_ openssl-1.0.cnf 
commonName_default      = $ENV::EASYRSA_REQ_CN
countryName_default             = $ENV::EASYRSA_REQ_COUNTRY
stateOrProvinceName_default     = $ENV::EASYRSA_REQ_PROVINCE
localityName_default            = $ENV::EASYRSA_REQ_CITY
0.organizationName_default      = $ENV::EASYRSA_REQ_ORG
organizationalUnitName_default  = $ENV::EASYRSA_REQ_OU
commonName_default              = $ENV::EASYRSA_REQ_CN
emailAddress_default            = $ENV::EASYRSA_REQ_EMAIL

      
# grep EASYRSA_REQ_ easyrsa | grep -v ';;'
        [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
        [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
        EASYRSA_REQ_CN="$name"
        set_var EASYRSA_REQ_COUNTRY     "US"
        set_var EASYRSA_REQ_PROVINCE    "California"
        set_var EASYRSA_REQ_CITY        "San Francisco"
        set_var EASYRSA_REQ_ORG         "Copyleft Certificate Co"
        set_var EASYRSA_REQ_EMAIL       me@xxxxxxxxxxx
        set_var EASYRSA_REQ_OU          "My Organizational Unit"
        set_var EASYRSA_REQ_CN          ChangeMe
https://github.com/OpenVPN/easy-rsa

Kind regards,



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux